CVE-2026-42354 – Sentry SAML SSO

CVSS 9.1 CRITICAL

“A trusted login system can be turned into a silent account takeover tool.”

This entry covers a critical authentication bypass in Sentry affecting versions 21.12.0 through 26.4.0. The flaw is in the SAML SSO implementation: the identity asserted by a SAML response is not properly validated, so an attacker who operates a malicious identity provider can link an arbitrary identity (for example, a victim's email address) to an existing account. The result is full account takeover of any known user on the same Sentry instance.

CVE-2026-42354 carries a CVSS score of 9.1 (Critical). It is exploitable remotely without prior authentication and without user interaction; the attacker needs only the victim's email address. The issue is fixed in version 26.4.1, which corrects the identity validation process. Instances that expose SAML SSO and run an affected version should upgrade, and administrators should review identity links created during the exposure window.
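The following is an added illustration of the flaw class the advisory describes (CWE-290, authentication bypass by spoofing) on the service-provider side of a SAML login. It is not Sentry's code and does not reproduce the actual patch, whose details are not on this page. The organization and identity-provider names, the in-memory registries, and the HMAC used as a stand-in for XML signature verification are all constructed assumptions. The vulnerable handler accepts a signed response from any identity provider the instance knows about and links the asserted email to whatever account already carries that address; the hardened handler trusts only the identity provider configured for the organization the login targets and links only to users who already belong to that organization.

```python
"""Model of identity linking in a multi-tenant SAML service provider.

Added example, not Sentry's code. The "signature" is an HMAC over the
response fields; a real SP verifies XML-DSig with the IdP's certificate.
"""
import hashlib
import hmac
from dataclasses import dataclass

# Constructed sample data: two organizations share one SP instance, and the
# attacker fully controls the IdP registered for "attacker-org".
IDP_KEYS = {
    "https://idp.victim-org.example": b"victim-idp-secret",    # legitimate IdP
    "https://idp.attacker.example": b"attacker-idp-secret",    # attacker-controlled IdP
}
ORG_IDP = {  # which IdP each organization has configured for SSO
    "victim-org": "https://idp.victim-org.example",
    "attacker-org": "https://idp.attacker.example",
}
USERS = {  # existing accounts on the instance, keyed by email
    "alice@victim-org.example": {"id": 1, "orgs": {"victim-org"}},
}


@dataclass(frozen=True)
class SamlResponse:
    issuer: str      # <saml:Issuer>: the IdP that produced the assertion
    audience: str    # organization the login is addressed to
    name_id: str     # <saml:NameID>: here, an email address
    signature: bytes

    def signed_bytes(self) -> bytes:
        return f"{self.issuer}|{self.audience}|{self.name_id}".encode()


def _mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def make_response(issuer: str, audience: str, name_id: str) -> SamlResponse:
    """Sign a response with the key of the named IdP (the attacker can do this
    for the IdP they control)."""
    unsigned = SamlResponse(issuer, audience, name_id, b"")
    return SamlResponse(issuer, audience, name_id,
                        _mac(IDP_KEYS[issuer], unsigned.signed_bytes()))


def signature_valid(resp: SamlResponse, key: bytes) -> bool:
    return hmac.compare_digest(_mac(key, resp.signed_bytes()), resp.signature)


def login_vulnerable(resp: SamlResponse):
    """Flawed pattern: any IdP known to the instance is trusted, and the
    identity is linked to an account by email alone. Returns the user id
    the session is issued for, or None."""
    key = IDP_KEYS.get(resp.issuer)
    if key is None or not signature_valid(resp, key):
        return None
    user = USERS.get(resp.name_id)          # global lookup: no tenant binding
    return None if user is None else user["id"]


def login_fixed(resp: SamlResponse):
    """Hardened pattern: the assertion must come from the IdP configured for
    the target organization, be verified with that IdP's key, and may only
    be linked to a user who is already a member of that organization."""
    expected_issuer = ORG_IDP.get(resp.audience)
    if expected_issuer is None or resp.issuer != expected_issuer:
        return None                          # issuer/tenant mismatch
    if not signature_valid(resp, IDP_KEYS[expected_issuer]):
        return None
    user = USERS.get(resp.name_id)
    if user is None or resp.audience not in user["orgs"]:
        return None                          # identity not bound to this tenant
    return user["id"]


def demo():
    """Attacker's IdP asserts the victim's email; compare both handlers."""
    forged = make_response("https://idp.attacker.example",
                           "victim-org", "alice@victim-org.example")
    return login_vulnerable(forged), login_fixed(forged)


if __name__ == "__main__":
    print("vulnerable -> user id %r, fixed -> %r" % demo())
```

Note that the hardened handler also rejects the variant where the attacker addresses the response to their own organization with a correct issuer: the signature checks out, but the asserted email belongs to a user who is not a member of that tenant, so no link is created. A real service provider additionally has to enforce the standard SAML checks (audience restriction, InResponseTo, validity window, replay), which are out of scope here.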

Key Details

Affected Product: Sentry (vendor: Sentry)
Affected Versions: 21.12.0 through 26.4.0
Fixed Version: 26.4.1
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
CWE Classification: CWE-290 (Authentication Bypass by Spoofing)